RADIUS
FeIix edited this page May 12, 2026 · 5 revisions

| Protocol | Port | Encryption | Use Case |
|---|---|---|---|
| RADIUS | UDP 1812/1813 | Encrypts passwords only | Network access control |

| Extension | Port | Introduction |
|---|---|---|
| Change of Authorization (CoA) | UDP 1700 | Allows an active user's or device's session permissions (e.g., VLAN, bandwidth, access level) to be modified dynamically in real time, without requiring re-authentication. |

| Feature | Windows (NPS) | Linux (FreeRADIUS) |
|---|---|---|
| Platform | Windows Server only | Most Linux distributions |
| GUI | Yes | No (CLI + config files) |
| AD Integration | Native | Possible (requires setup) |
| Customizability | Limited | Very high |
| Resource Usage | Moderate to high | Lightweight |
| Licensing | Requires Windows Server license | Free (open-source) |
| Use Case Fit | Enterprise with AD | ISP, universities, cloud, etc. |

```
! AAA is required for 802.1X
aaa new-model
!
! Define the RADIUS server
radius server radius.lab.local
 address ipv4 10.0.0.18 auth-port 1812 acct-port 1813
!
! Add the defined RADIUS server to an AAA group
aaa group server radius lab-radius
 server name radius.lab.local
!
! Creates a series of authentication methods used to determine user privilege,
! so that the device can communicate with the AAA server
aaa authentication dot1x default group lab-radius
!
! Globally enable 802.1X port-based authentication
dot1x system-auth-control
!
interface GigabitEthernet2
 ip address 172.16.101.1 255.255.255.0
 ! Enable 802.1X port-based authentication on the interface:
 !   auto               - enable 802.1X auth; the port begins in the unauthorized state
 !   force-authorized   - no 802.1X auth; the port is always in the authorized state
 !   force-unauthorized - no 802.1X auth; the port remains in the unauthorized state
 authentication port-control auto
```